-
BackupFan
2Hello,
We use SentinelOne as our antivirus software, and we have been getting incidents involving "Program Files\*company name*\online backup\Cloud.Backup.Scheduler.exe"
Is this file expected while using MSP360? What is the recommended manner in dealing with SentinelOne as it pertains to MSP360 in order to avoid false positive incidents? Is it recommended to enter the Signer Certificate for Cloud.Backup.Scheduler.exe ? And if so, can you tell me the Signer Certificate for this?
Thank you. -
David Gugick
118What is the program reporting? I think you'll need to follow whitelisting procedures with that product and you may be able to submit the binary to sentinel one for exclusion, but I'm not sure exactly what the report is. If you want to provide more details you can do so here -
David Gugick
118there's another customer with the same report in the system. I think the best thing for you to do would be to open up a support case directly with the support team. I've added your comments to that particular case. You can submit logs from that machine using the tools diagnostic toolbar option to get things started.
-
BackupFan
2It's reporting it as a threat--though we have experienced false positives before, especially pertaining to MSP360 components.
The following threat indicators are given:
INDICATORS (5)
Evasion
Internal process resource was manipulated in memory.
Attempt to evade monitoring using the Process hollowing technique.
Exploitation
Shellcode execution was detected.
Privilege Escalation
Suspicious Kerberoasting attack. Too many SPN tickets requests.
General
User logged on. -
David Gugick
118It's best to work with support on this as there's an open case already with another customer reporting similar false positives with sentinel one. Please submit the logs and work with the support team on a resolution if you're unable to whitelist the application using the posted sentinel one articles.
-
David Gugick
118I spoke with Support and they are waiting for the logs to be sent. I've also passed on the info you provided in the previous post.
Welcome to MSP360 Forum!
Thank you for visiting! Please take a moment to register so that you can participate in discussions!
Categories
- MSP360 Managed Products
- Managed Backup - General
- Managed Backup Windows
- Managed Backup Mac
- Managed Backup Linux
- Managed Backup SQL Server
- Managed Backup Exchange
- Managed Backup Microsoft 365
- Managed Backup G Workspace
- RMM
- Connect (Managed)
- Deep Instinct
- CloudBerry Backup
- Backup Windows
- Backup Mac
- Backup for Linux
- Backup SQL Server
- Backup Exchange
- Connect Free/Pro (Remote Desktop)
- CloudBerry Explorer
- CloudBerry Drive
More Discussions
- Terms of Service
- Useful Hints and Tips
- Sign In
- © 2024 MSP360 Forum